ShellDetect - Shell Code Analysis and Detection Tool

Shell Detect is the FREE tool to detect presence of
Shell Code within
a file or network stream. You can either provide raw binary file
(such as generated from Metasploit or network stream file as input
to this tool.

These days attackers distribute malicious files
which contains hidden exploit shell code. On opening such files,
exploit shell code get executed silently, leading to complete
compromise of your system . This is more dangerous when the exploit
is 'Zero Day' as it will not be detected by traditional signature
based Anti-virus solutions.
In such cases ShellDetect may help you
to identify presence of shell code (as long as it is in raw format)
and help you to keep your system safe.

Though the new version is more stable than past releases, we recommend running this tool in Virtual Environment (using VMWare,
VirtualBox as it may cause security issues on your
system if the input file is malicious.

Currently ShellDetect
tool is in experimentation stage and works on Windows XP (with SP2, SP3)
only.

Requirements

ShellDetect requires following components

Python - Install latest version

Vmware/VirtualBox (optional)

Using ShellDetect

Here is the simple usage instructions [refer to screenshot
below]

Usage: ShellDetect.py file_name

You can provide input file as raw binary file or network stream
data. Here are the possible examples.

Eg 1: Generate shellcode from Metasploit in "raw" format and
save it in a file. Then feed that file as input to ShellDetect.py.

Eg 2: Send exploit to any server on FTP and capture the traffic
using tcpdump/wireshark, save the traffic in binary format and then
feed that file to ShellDetect.py

We recommend
running it in Virtual
Environment (using VMWare, VirtualBox) as it may cause
security issues on your system if the input file is malicious.

Screenshots

Here is the screenshot of ShellDetect detecting
shell code in raw file as well as network stream file.